Hello,
I did analyze it a bit, but it is a rather strange situation, like trying to allocate an already allocated chunk, which cannot really happen due to a race in this case, being work with private memory (pkg).
Another option would be a memory overwrite, like a memcpy writing 0 over the header of the chunk, but the fields that are 0 are in the middle of the header structure, the other fields around (before and after) are not 0 and seem to have valid values.
So I couldn't get to a proper conclusion at that time. I will go through it again during the next days. One option was to catch this situation and don't crash, but throw an error.
Of course, extreme reasons would be corrupted (physical) memory or core file, but all seems ok at least for the last option here.
Cheers, Daniel
On 26/08/15 19:28, Alex Balashov wrote:
Hi Daniel,
Have you had a chance to look into this? If not, no worries at all, I am just afraid maybe I missed a follow-up or a patch.
On 08/22/2015 11:49 AM, Alex Balashov wrote:
Daniel,
On 08/22/2015 03:55 AM, Daniel-Constantin Mierla wrote:
can you give the content for qm and frag in frame 0:
p *qm p *frag
Of course, and thank you for looking into it!
- *qm
(gdb) print *qm $3 = {type = 1, size = 8388608, used = 2332928, real_used = 2817136, max_real_used = 2833136, ffrags = 262, first_frag = 0x7ff1ac559488, last_frag = 0x7ff1acd50fd8, free_bitmap = {282033345460158, 18014398510072385, 586595500732448793, 0 <repeats 29 times>, 1125899906843136}, free_hash = {{first = 0x0, no = 18446744073709551615}, {first = 0x7ff1ac5b64c0, no = 116}, {first = 0x7ff1ac7fe468, no = 21}, {first = 0x7ff1ac7fe8f0, no = 6}, {first = 0x7ff1ac7feca0, no = 2}, {first = 0x7ff1ac77a2a0, no = 3}, {first = 0x0, no = 0}, {first = 0x7ff1ac7fe4f8, no = 52}, {first = 0x7ff1ac77a420, no = 13}, {first = 0x7ff1ac7d50c8, no = 3}, {first = 0x7ff1ac803658, no = 3}, {first = 0x0, no = 0}, {first = 0x7ff1ac800aa8, no = 1}, {first = 0x7ff1ac7ff360, no = 6}, {first = 0x7ff1ac8039a8, no = 3}, {first = 0x7ff1ac8012c8, no = 1}, {first = 0x0, no = 0}, {first = 0x7ff1ac8021e8, no = 1}, {first = 0x7ff1ac803518, no = 1}, {first = 0x7ff1ac8002d8, no = 1}, {first = 0x7ff1ac7ff030, no = 3}, {first = 0x0, no = 0}, {first = 0x7ff1ac7ffb90, no = 1}, {first = 0x0, no = 0}, {first = 0x7ff1ac803170, no = 2}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac803268, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac7ffde8, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac800f98, no = 1}, {first = 0x0, no = 0} <repeats 15 times>, {first = 0x7ff1ac802718, no = 5}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac803a50, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac804348, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac804800, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac804cf0, no = 1}, {first = 0x0, no = 0} <repeats 34 times>, {first = 0x7ff1ac802950, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac801378, no = 2}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac8017b0, no = 1}, {first = 0x7ff1ac803cb8, no = 1}, {first = 0x0, no = 0} <repeats 34 times>, {first = 0x7ff1ac805510, no = 1}, {first = 0x7ff1ac805a80, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac805ff8, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac8065c0, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7ff1ac806ba0, no = 1}, {first = 0x0, no = 0} <repeats 1869 times>, {first = 0x7ff1ac8071b0, no = 1}, {first = 0x0, no = 0} <repeats 40 times>, {first = 0x7ff1ac803388, no = 1}}}
- *frag
(gdb) print *frag $4 = {size = 232, u = {nxt_free = 0x0, reserved = 0}, prv_free = 0x0, file = 0x75d29c "<core>: parser/msg_parser.c", func = 0x760150 "get_hdr_field", line = 116, check = 4042322160}
-- Alex